Here you can view and create frameworks that are relevant for your generic controls.
What are frameworks?
Frameworks can be laws or regulations that the organisation wants to comply with, e.g., ISO standards, a NIST Cybersecurity framework, SOC II or another legal framework like the Anti Money Laundering Directive.
Each framework control can be added to your generic controls. In this way, you can have one generic control that implements several of your different framework controls. For example, if you are implementing an ISO standard that requires you to have specific policies in place, and at the same time youre implementing another framework that sets out similar requirements, one generic control that entails the implementation of the given policies will include compliance to both control frameworks. Thus you are able to carry out specific generic controls that document compliance to multiple frameworks at the same time. The link between the generic control and the framework controls is created on the ”Framework Controls” tab when creating a Generic Control from the main menu in the system. Go to Generic controls > New Generic control > Framework controls
Create a new framework
If you are an admin, you can add new framework to your list of frameworks that you want to document compliance to. Go to Settings > Frameworks > ‘Create framework’ to create a new one. You can fill in master data (name and description) on the new framework and click Save.
Once the master details have been filled out (name and description), go to the framework just created, to add the framework control objectives and create each framework control.
Each framework control is placed in relation to a specific control objective.
When framework controls are created, chose whether or not each control is applicable to your organization, write a SoA (Statement of Applicability) description, and chose the implementation status of the given framework control.
You can also link framework controls to policies and procedures if you have uploaded or linked policies and procedures to the system. Once you have created a framework control and connected it to a framework objective you can click on the edit button on the framework control (not the objective) and click on ‘View linked controls’ > Policies and procedures > add new.
Edit master data on an existing framework
To edit master data on existing frameworks, go to the edit icon on the right side of the list. To edit controls or control objectives click on the edit icon in line with the given control or control objective you want to edit.
Delete a framework
If you want to delete a framework, click on the trash can icon on the right side of the row. Then click confirm. To dele control objectives or framework controls go to the framework and on the line of the given control or control objective, click on the trach can icon.